1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * zcrypt 2.1.0
4 *
5 * Copyright IBM Corp. 2001, 2012
6 * Author(s): Robert Burroughs
7 * Eric Rossman (edrossma@us.ibm.com)
8 *
9 * Hotplug & misc device support: Jochen Roehrig (roehrig@de.ibm.com)
10 * Major cleanup & driver split: Martin Schwidefsky <schwidefsky@de.ibm.com>
11 * Ralph Wuerthner <rwuerthn@de.ibm.com>
12 * MSGTYPE restruct: Holger Dengler <hd@linux.vnet.ibm.com>
13 */
14
15 #define KMSG_COMPONENT "zcrypt"
16 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
17
18 #include <linux/module.h>
19 #include <linux/init.h>
20 #include <linux/err.h>
21 #include <linux/delay.h>
22 #include <linux/slab.h>
23 #include <linux/atomic.h>
24 #include <linux/uaccess.h>
25
26 #include "ap_bus.h"
27 #include "zcrypt_api.h"
28 #include "zcrypt_error.h"
29 #include "zcrypt_msgtype6.h"
30 #include "zcrypt_cca_key.h"
31
32 #define PCIXCC_MIN_MOD_SIZE_OLD 64 /* 512 bits */
33 #define PCIXCC_MAX_ICA_RESPONSE_SIZE 0x77c /* max size type86 v2 reply */
34
35 #define CEIL4(x) ((((x)+3)/4)*4)
36
37 struct response_type {
38 struct completion work;
39 int type;
40 };
41 #define PCIXCC_RESPONSE_TYPE_ICA 0
42 #define PCIXCC_RESPONSE_TYPE_XCRB 1
43 #define PCIXCC_RESPONSE_TYPE_EP11 2
44
45 MODULE_AUTHOR("IBM Corporation");
46 MODULE_DESCRIPTION("Cryptographic Coprocessor (message type 6), " \
47 "Copyright IBM Corp. 2001, 2012");
48 MODULE_LICENSE("GPL");
49
50 /**
51 * CPRB
52 * Note that all shorts, ints and longs are little-endian.
53 * All pointer fields are 32-bits long, and mean nothing
54 *
55 * A request CPRB is followed by a request_parameter_block.
56 *
57 * The request (or reply) parameter block is organized thus:
58 * function code
59 * VUD block
60 * key block
61 */
62 struct CPRB {
63 unsigned short cprb_len; /* CPRB length */
64 unsigned char cprb_ver_id; /* CPRB version id. */
65 unsigned char pad_000; /* Alignment pad byte. */
66 unsigned char srpi_rtcode[4]; /* SRPI return code LELONG */
67 unsigned char srpi_verb; /* SRPI verb type */
68 unsigned char flags; /* flags */
69 unsigned char func_id[2]; /* function id */
70 unsigned char checkpoint_flag; /* */
71 unsigned char resv2; /* reserved */
72 unsigned short req_parml; /* request parameter buffer */
73 /* length 16-bit little endian */
74 unsigned char req_parmp[4]; /* request parameter buffer *
75 * pointer (means nothing: the *
76 * parameter buffer follows *
77 * the CPRB). */
78 unsigned char req_datal[4]; /* request data buffer */
79 /* length ULELONG */
80 unsigned char req_datap[4]; /* request data buffer */
81 /* pointer */
82 unsigned short rpl_parml; /* reply parameter buffer */
83 /* length 16-bit little endian */
84 unsigned char pad_001[2]; /* Alignment pad bytes. ULESHORT */
85 unsigned char rpl_parmp[4]; /* reply parameter buffer *
86 * pointer (means nothing: the *
87 * parameter buffer follows *
88 * the CPRB). */
89 unsigned char rpl_datal[4]; /* reply data buffer len ULELONG */
90 unsigned char rpl_datap[4]; /* reply data buffer */
91 /* pointer */
92 unsigned short ccp_rscode; /* server reason code ULESHORT */
93 unsigned short ccp_rtcode; /* server return code ULESHORT */
94 unsigned char repd_parml[2]; /* replied parameter len ULESHORT*/
95 unsigned char mac_data_len[2]; /* Mac Data Length ULESHORT */
96 unsigned char repd_datal[4]; /* replied data length ULELONG */
97 unsigned char req_pc[2]; /* PC identifier */
98 unsigned char res_origin[8]; /* resource origin */
99 unsigned char mac_value[8]; /* Mac Value */
100 unsigned char logon_id[8]; /* Logon Identifier */
101 unsigned char usage_domain[2]; /* cdx */
102 unsigned char resv3[18]; /* reserved for requestor */
103 unsigned short svr_namel; /* server name length ULESHORT */
104 unsigned char svr_name[8]; /* server name */
105 } __packed;
106
107 struct function_and_rules_block {
108 unsigned char function_code[2];
109 unsigned short ulen;
110 unsigned char only_rule[8];
111 } __packed;
112
113 /**
114 * The following is used to initialize the CPRBX passed to the PCIXCC/CEX2C
115 * card in a type6 message. The 3 fields that must be filled in at execution
116 * time are req_parml, rpl_parml and usage_domain.
117 * Everything about this interface is ascii/big-endian, since the
118 * device does *not* have 'Intel inside'.
119 *
120 * The CPRBX is followed immediately by the parm block.
121 * The parm block contains:
122 * - function code ('PD' 0x5044 or 'PK' 0x504B)
123 * - rule block (one of:)
124 * + 0x000A 'PKCS-1.2' (MCL2 'PD')
125 * + 0x000A 'ZERO-PAD' (MCL2 'PK')
126 * + 0x000A 'ZERO-PAD' (MCL3 'PD' or CEX2C 'PD')
127 * + 0x000A 'MRP ' (MCL3 'PK' or CEX2C 'PK')
128 * - VUD block
129 */
130 static const struct CPRBX static_cprbx = {
131 .cprb_len = 0x00DC,
132 .cprb_ver_id = 0x02,
133 .func_id = {0x54, 0x32},
134 };
135
speed_idx_cca(int req_type)136 int speed_idx_cca(int req_type)
137 {
138 switch (req_type) {
139 case 0x4142:
140 case 0x4149:
141 case 0x414D:
142 case 0x4341:
143 case 0x4344:
144 case 0x4354:
145 case 0x4358:
146 case 0x444B:
147 case 0x4558:
148 case 0x4643:
149 case 0x4651:
150 case 0x4C47:
151 case 0x4C4B:
152 case 0x4C51:
153 case 0x4F48:
154 case 0x504F:
155 case 0x5053:
156 case 0x5058:
157 case 0x5343:
158 case 0x5344:
159 case 0x5345:
160 case 0x5350:
161 return LOW;
162 case 0x414B:
163 case 0x4345:
164 case 0x4349:
165 case 0x434D:
166 case 0x4847:
167 case 0x4849:
168 case 0x484D:
169 case 0x4850:
170 case 0x4851:
171 case 0x4954:
172 case 0x4958:
173 case 0x4B43:
174 case 0x4B44:
175 case 0x4B45:
176 case 0x4B47:
177 case 0x4B48:
178 case 0x4B49:
179 case 0x4B4E:
180 case 0x4B50:
181 case 0x4B52:
182 case 0x4B54:
183 case 0x4B58:
184 case 0x4D50:
185 case 0x4D53:
186 case 0x4D56:
187 case 0x4D58:
188 case 0x5044:
189 case 0x5045:
190 case 0x5046:
191 case 0x5047:
192 case 0x5049:
193 case 0x504B:
194 case 0x504D:
195 case 0x5254:
196 case 0x5347:
197 case 0x5349:
198 case 0x534B:
199 case 0x534D:
200 case 0x5356:
201 case 0x5358:
202 case 0x5443:
203 case 0x544B:
204 case 0x5647:
205 return HIGH;
206 default:
207 return MEDIUM;
208 }
209 }
210
speed_idx_ep11(int req_type)211 int speed_idx_ep11(int req_type)
212 {
213 switch (req_type) {
214 case 1:
215 case 2:
216 case 36:
217 case 37:
218 case 38:
219 case 39:
220 case 40:
221 return LOW;
222 case 17:
223 case 18:
224 case 19:
225 case 20:
226 case 21:
227 case 22:
228 case 26:
229 case 30:
230 case 31:
231 case 32:
232 case 33:
233 case 34:
234 case 35:
235 return HIGH;
236 default:
237 return MEDIUM;
238 }
239 }
240
241
242 /**
243 * Convert a ICAMEX message to a type6 MEX message.
244 *
245 * @zq: crypto device pointer
246 * @ap_msg: pointer to AP message
247 * @mex: pointer to user input data
248 *
249 * Returns 0 on success or negative errno value.
250 */
ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue * zq,struct ap_message * ap_msg,struct ica_rsa_modexpo * mex)251 static int ICAMEX_msg_to_type6MEX_msgX(struct zcrypt_queue *zq,
252 struct ap_message *ap_msg,
253 struct ica_rsa_modexpo *mex)
254 {
255 static struct type6_hdr static_type6_hdrX = {
256 .type = 0x06,
257 .offset1 = 0x00000058,
258 .agent_id = {'C', 'A',},
259 .function_code = {'P', 'K'},
260 };
261 static struct function_and_rules_block static_pke_fnr = {
262 .function_code = {'P', 'K'},
263 .ulen = 10,
264 .only_rule = {'M', 'R', 'P', ' ', ' ', ' ', ' ', ' '}
265 };
266 struct {
267 struct type6_hdr hdr;
268 struct CPRBX cprbx;
269 struct function_and_rules_block fr;
270 unsigned short length;
271 char text[0];
272 } __packed * msg = ap_msg->message;
273 int size;
274
275 /*
276 * The inputdatalength was a selection criteria in the dispatching
277 * function zcrypt_rsa_modexpo(). However, make sure the following
278 * copy_from_user() never exceeds the allocated buffer space.
279 */
280 if (WARN_ON_ONCE(mex->inputdatalength > PAGE_SIZE))
281 return -EINVAL;
282
283 /* VUD.ciphertext */
284 msg->length = mex->inputdatalength + 2;
285 if (copy_from_user(msg->text, mex->inputdata, mex->inputdatalength))
286 return -EFAULT;
287
288 /* Set up key which is located after the variable length text. */
289 size = zcrypt_type6_mex_key_en(mex, msg->text+mex->inputdatalength);
290 if (size < 0)
291 return size;
292 size += sizeof(*msg) + mex->inputdatalength;
293
294 /* message header, cprbx and f&r */
295 msg->hdr = static_type6_hdrX;
296 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
297 msg->hdr.FromCardLen1 = PCIXCC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
298
299 msg->cprbx = static_cprbx;
300 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
301 msg->cprbx.rpl_msgbl = msg->hdr.FromCardLen1;
302
303 msg->fr = static_pke_fnr;
304
305 msg->cprbx.req_parml = size - sizeof(msg->hdr) - sizeof(msg->cprbx);
306
307 ap_msg->length = size;
308 return 0;
309 }
310
311 /**
312 * Convert a ICACRT message to a type6 CRT message.
313 *
314 * @zq: crypto device pointer
315 * @ap_msg: pointer to AP message
316 * @crt: pointer to user input data
317 *
318 * Returns 0 on success or negative errno value.
319 */
ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue * zq,struct ap_message * ap_msg,struct ica_rsa_modexpo_crt * crt)320 static int ICACRT_msg_to_type6CRT_msgX(struct zcrypt_queue *zq,
321 struct ap_message *ap_msg,
322 struct ica_rsa_modexpo_crt *crt)
323 {
324 static struct type6_hdr static_type6_hdrX = {
325 .type = 0x06,
326 .offset1 = 0x00000058,
327 .agent_id = {'C', 'A',},
328 .function_code = {'P', 'D'},
329 };
330 static struct function_and_rules_block static_pkd_fnr = {
331 .function_code = {'P', 'D'},
332 .ulen = 10,
333 .only_rule = {'Z', 'E', 'R', 'O', '-', 'P', 'A', 'D'}
334 };
335
336 struct {
337 struct type6_hdr hdr;
338 struct CPRBX cprbx;
339 struct function_and_rules_block fr;
340 unsigned short length;
341 char text[0];
342 } __packed * msg = ap_msg->message;
343 int size;
344
345 /*
346 * The inputdatalength was a selection criteria in the dispatching
347 * function zcrypt_rsa_crt(). However, make sure the following
348 * copy_from_user() never exceeds the allocated buffer space.
349 */
350 if (WARN_ON_ONCE(crt->inputdatalength > PAGE_SIZE))
351 return -EINVAL;
352
353 /* VUD.ciphertext */
354 msg->length = crt->inputdatalength + 2;
355 if (copy_from_user(msg->text, crt->inputdata, crt->inputdatalength))
356 return -EFAULT;
357
358 /* Set up key which is located after the variable length text. */
359 size = zcrypt_type6_crt_key(crt, msg->text + crt->inputdatalength);
360 if (size < 0)
361 return size;
362 size += sizeof(*msg) + crt->inputdatalength; /* total size of msg */
363
364 /* message header, cprbx and f&r */
365 msg->hdr = static_type6_hdrX;
366 msg->hdr.ToCardLen1 = size - sizeof(msg->hdr);
367 msg->hdr.FromCardLen1 = PCIXCC_MAX_ICA_RESPONSE_SIZE - sizeof(msg->hdr);
368
369 msg->cprbx = static_cprbx;
370 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
371 msg->cprbx.req_parml = msg->cprbx.rpl_msgbl =
372 size - sizeof(msg->hdr) - sizeof(msg->cprbx);
373
374 msg->fr = static_pkd_fnr;
375
376 ap_msg->length = size;
377 return 0;
378 }
379
380 /**
381 * Convert a XCRB message to a type6 CPRB message.
382 *
383 * @zq: crypto device pointer
384 * @ap_msg: pointer to AP message
385 * @xcRB: pointer to user input data
386 *
387 * Returns 0 on success or -EFAULT, -EINVAL.
388 */
389 struct type86_fmt2_msg {
390 struct type86_hdr hdr;
391 struct type86_fmt2_ext fmt2;
392 } __packed;
393
XCRB_msg_to_type6CPRB_msgX(struct ap_message * ap_msg,struct ica_xcRB * xcRB,unsigned int * fcode,unsigned short ** dom)394 static int XCRB_msg_to_type6CPRB_msgX(struct ap_message *ap_msg,
395 struct ica_xcRB *xcRB,
396 unsigned int *fcode,
397 unsigned short **dom)
398 {
399 static struct type6_hdr static_type6_hdrX = {
400 .type = 0x06,
401 .offset1 = 0x00000058,
402 };
403 struct {
404 struct type6_hdr hdr;
405 struct CPRBX cprbx;
406 } __packed * msg = ap_msg->message;
407
408 int rcblen = CEIL4(xcRB->request_control_blk_length);
409 int replylen, req_sumlen, resp_sumlen;
410 char *req_data = ap_msg->message + sizeof(struct type6_hdr) + rcblen;
411 char *function_code;
412
413 if (CEIL4(xcRB->request_control_blk_length) <
414 xcRB->request_control_blk_length)
415 return -EINVAL; /* overflow after alignment*/
416
417 /* length checks */
418 ap_msg->length = sizeof(struct type6_hdr) +
419 CEIL4(xcRB->request_control_blk_length) +
420 xcRB->request_data_length;
421 if (ap_msg->length > MSGTYPE06_MAX_MSG_SIZE)
422 return -EINVAL;
423
424 /*
425 * Overflow check
426 * sum must be greater (or equal) than the largest operand
427 */
428 req_sumlen = CEIL4(xcRB->request_control_blk_length) +
429 xcRB->request_data_length;
430 if ((CEIL4(xcRB->request_control_blk_length) <=
431 xcRB->request_data_length) ?
432 (req_sumlen < xcRB->request_data_length) :
433 (req_sumlen < CEIL4(xcRB->request_control_blk_length))) {
434 return -EINVAL;
435 }
436
437 if (CEIL4(xcRB->reply_control_blk_length) <
438 xcRB->reply_control_blk_length)
439 return -EINVAL; /* overflow after alignment*/
440
441 replylen = sizeof(struct type86_fmt2_msg) +
442 CEIL4(xcRB->reply_control_blk_length) +
443 xcRB->reply_data_length;
444 if (replylen > MSGTYPE06_MAX_MSG_SIZE)
445 return -EINVAL;
446
447 /*
448 * Overflow check
449 * sum must be greater (or equal) than the largest operand
450 */
451 resp_sumlen = CEIL4(xcRB->reply_control_blk_length) +
452 xcRB->reply_data_length;
453 if ((CEIL4(xcRB->reply_control_blk_length) <= xcRB->reply_data_length) ?
454 (resp_sumlen < xcRB->reply_data_length) :
455 (resp_sumlen < CEIL4(xcRB->reply_control_blk_length))) {
456 return -EINVAL;
457 }
458
459 /* prepare type6 header */
460 msg->hdr = static_type6_hdrX;
461 memcpy(msg->hdr.agent_id, &(xcRB->agent_ID), sizeof(xcRB->agent_ID));
462 msg->hdr.ToCardLen1 = xcRB->request_control_blk_length;
463 if (xcRB->request_data_length) {
464 msg->hdr.offset2 = msg->hdr.offset1 + rcblen;
465 msg->hdr.ToCardLen2 = xcRB->request_data_length;
466 }
467 msg->hdr.FromCardLen1 = xcRB->reply_control_blk_length;
468 msg->hdr.FromCardLen2 = xcRB->reply_data_length;
469
470 /* prepare CPRB */
471 if (copy_from_user(&(msg->cprbx), xcRB->request_control_blk_addr,
472 xcRB->request_control_blk_length))
473 return -EFAULT;
474 if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
475 xcRB->request_control_blk_length)
476 return -EINVAL;
477 function_code = ((unsigned char *)&msg->cprbx) + msg->cprbx.cprb_len;
478 memcpy(msg->hdr.function_code, function_code,
479 sizeof(msg->hdr.function_code));
480
481 *fcode = (msg->hdr.function_code[0] << 8) | msg->hdr.function_code[1];
482 *dom = (unsigned short *)&msg->cprbx.domain;
483
484 if (memcmp(function_code, "US", 2) == 0
485 || memcmp(function_code, "AU", 2) == 0)
486 ap_msg->special = 1;
487 else
488 ap_msg->special = 0;
489
490 /* copy data block */
491 if (xcRB->request_data_length &&
492 copy_from_user(req_data, xcRB->request_data_address,
493 xcRB->request_data_length))
494 return -EFAULT;
495
496 return 0;
497 }
498
xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message * ap_msg,struct ep11_urb * xcRB,unsigned int * fcode)499 static int xcrb_msg_to_type6_ep11cprb_msgx(struct ap_message *ap_msg,
500 struct ep11_urb *xcRB,
501 unsigned int *fcode)
502 {
503 unsigned int lfmt;
504 static struct type6_hdr static_type6_ep11_hdr = {
505 .type = 0x06,
506 .rqid = {0x00, 0x01},
507 .function_code = {0x00, 0x00},
508 .agent_id[0] = 0x58, /* {'X'} */
509 .agent_id[1] = 0x43, /* {'C'} */
510 .offset1 = 0x00000058,
511 };
512
513 struct {
514 struct type6_hdr hdr;
515 struct ep11_cprb cprbx;
516 unsigned char pld_tag; /* fixed value 0x30 */
517 unsigned char pld_lenfmt; /* payload length format */
518 } __packed * msg = ap_msg->message;
519
520 struct pld_hdr {
521 unsigned char func_tag; /* fixed value 0x4 */
522 unsigned char func_len; /* fixed value 0x4 */
523 unsigned int func_val; /* function ID */
524 unsigned char dom_tag; /* fixed value 0x4 */
525 unsigned char dom_len; /* fixed value 0x4 */
526 unsigned int dom_val; /* domain id */
527 } __packed * payload_hdr = NULL;
528
529 if (CEIL4(xcRB->req_len) < xcRB->req_len)
530 return -EINVAL; /* overflow after alignment*/
531
532 /* length checks */
533 ap_msg->length = sizeof(struct type6_hdr) + xcRB->req_len;
534 if (CEIL4(xcRB->req_len) > MSGTYPE06_MAX_MSG_SIZE -
535 (sizeof(struct type6_hdr)))
536 return -EINVAL;
537
538 if (CEIL4(xcRB->resp_len) < xcRB->resp_len)
539 return -EINVAL; /* overflow after alignment*/
540
541 if (CEIL4(xcRB->resp_len) > MSGTYPE06_MAX_MSG_SIZE -
542 (sizeof(struct type86_fmt2_msg)))
543 return -EINVAL;
544
545 /* prepare type6 header */
546 msg->hdr = static_type6_ep11_hdr;
547 msg->hdr.ToCardLen1 = xcRB->req_len;
548 msg->hdr.FromCardLen1 = xcRB->resp_len;
549
550 /* Import CPRB data from the ioctl input parameter */
551 if (copy_from_user(&(msg->cprbx.cprb_len),
552 (char __force __user *)xcRB->req, xcRB->req_len)) {
553 return -EFAULT;
554 }
555
556 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
557 switch (msg->pld_lenfmt & 0x03) {
558 case 1:
559 lfmt = 2;
560 break;
561 case 2:
562 lfmt = 3;
563 break;
564 default:
565 return -EINVAL;
566 }
567 } else {
568 lfmt = 1; /* length format #1 */
569 }
570 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
571 *fcode = payload_hdr->func_val & 0xFFFF;
572
573 return 0;
574 }
575
576 /**
577 * Copy results from a type 86 ICA reply message back to user space.
578 *
579 * @zq: crypto device pointer
580 * @reply: reply AP message.
581 * @data: pointer to user output data
582 * @length: size of user output data
583 *
584 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
585 */
586 struct type86x_reply {
587 struct type86_hdr hdr;
588 struct type86_fmt2_ext fmt2;
589 struct CPRBX cprbx;
590 unsigned char pad[4]; /* 4 byte function code/rules block ? */
591 unsigned short length;
592 char text[0];
593 } __packed;
594
595 struct type86_ep11_reply {
596 struct type86_hdr hdr;
597 struct type86_fmt2_ext fmt2;
598 struct ep11_cprb cprbx;
599 } __packed;
600
convert_type86_ica(struct zcrypt_queue * zq,struct ap_message * reply,char __user * outputdata,unsigned int outputdatalength)601 static int convert_type86_ica(struct zcrypt_queue *zq,
602 struct ap_message *reply,
603 char __user *outputdata,
604 unsigned int outputdatalength)
605 {
606 static unsigned char static_pad[] = {
607 0x00, 0x02,
608 0x1B, 0x7B, 0x5D, 0xB5, 0x75, 0x01, 0x3D, 0xFD,
609 0x8D, 0xD1, 0xC7, 0x03, 0x2D, 0x09, 0x23, 0x57,
610 0x89, 0x49, 0xB9, 0x3F, 0xBB, 0x99, 0x41, 0x5B,
611 0x75, 0x21, 0x7B, 0x9D, 0x3B, 0x6B, 0x51, 0x39,
612 0xBB, 0x0D, 0x35, 0xB9, 0x89, 0x0F, 0x93, 0xA5,
613 0x0B, 0x47, 0xF1, 0xD3, 0xBB, 0xCB, 0xF1, 0x9D,
614 0x23, 0x73, 0x71, 0xFF, 0xF3, 0xF5, 0x45, 0xFB,
615 0x61, 0x29, 0x23, 0xFD, 0xF1, 0x29, 0x3F, 0x7F,
616 0x17, 0xB7, 0x1B, 0xA9, 0x19, 0xBD, 0x57, 0xA9,
617 0xD7, 0x95, 0xA3, 0xCB, 0xED, 0x1D, 0xDB, 0x45,
618 0x7D, 0x11, 0xD1, 0x51, 0x1B, 0xED, 0x71, 0xE9,
619 0xB1, 0xD1, 0xAB, 0xAB, 0x21, 0x2B, 0x1B, 0x9F,
620 0x3B, 0x9F, 0xF7, 0xF7, 0xBD, 0x63, 0xEB, 0xAD,
621 0xDF, 0xB3, 0x6F, 0x5B, 0xDB, 0x8D, 0xA9, 0x5D,
622 0xE3, 0x7D, 0x77, 0x49, 0x47, 0xF5, 0xA7, 0xFD,
623 0xAB, 0x2F, 0x27, 0x35, 0x77, 0xD3, 0x49, 0xC9,
624 0x09, 0xEB, 0xB1, 0xF9, 0xBF, 0x4B, 0xCB, 0x2B,
625 0xEB, 0xEB, 0x05, 0xFF, 0x7D, 0xC7, 0x91, 0x8B,
626 0x09, 0x83, 0xB9, 0xB9, 0x69, 0x33, 0x39, 0x6B,
627 0x79, 0x75, 0x19, 0xBF, 0xBB, 0x07, 0x1D, 0xBD,
628 0x29, 0xBF, 0x39, 0x95, 0x93, 0x1D, 0x35, 0xC7,
629 0xC9, 0x4D, 0xE5, 0x97, 0x0B, 0x43, 0x9B, 0xF1,
630 0x16, 0x93, 0x03, 0x1F, 0xA5, 0xFB, 0xDB, 0xF3,
631 0x27, 0x4F, 0x27, 0x61, 0x05, 0x1F, 0xB9, 0x23,
632 0x2F, 0xC3, 0x81, 0xA9, 0x23, 0x71, 0x55, 0x55,
633 0xEB, 0xED, 0x41, 0xE5, 0xF3, 0x11, 0xF1, 0x43,
634 0x69, 0x03, 0xBD, 0x0B, 0x37, 0x0F, 0x51, 0x8F,
635 0x0B, 0xB5, 0x89, 0x5B, 0x67, 0xA9, 0xD9, 0x4F,
636 0x01, 0xF9, 0x21, 0x77, 0x37, 0x73, 0x79, 0xC5,
637 0x7F, 0x51, 0xC1, 0xCF, 0x97, 0xA1, 0x75, 0xAD,
638 0x35, 0x9D, 0xD3, 0xD3, 0xA7, 0x9D, 0x5D, 0x41,
639 0x6F, 0x65, 0x1B, 0xCF, 0xA9, 0x87, 0x91, 0x09
640 };
641 struct type86x_reply *msg = reply->message;
642 unsigned short service_rc, service_rs;
643 unsigned int reply_len, pad_len;
644 char *data;
645
646 service_rc = msg->cprbx.ccp_rtcode;
647 if (unlikely(service_rc != 0)) {
648 service_rs = msg->cprbx.ccp_rscode;
649 if ((service_rc == 8 && service_rs == 66) ||
650 (service_rc == 8 && service_rs == 65) ||
651 (service_rc == 8 && service_rs == 72) ||
652 (service_rc == 8 && service_rs == 770) ||
653 (service_rc == 12 && service_rs == 769)) {
654 ZCRYPT_DBF(DBF_DEBUG,
655 "device=%02x.%04x rc/rs=%d/%d => rc=EINVAL\n",
656 AP_QID_CARD(zq->queue->qid),
657 AP_QID_QUEUE(zq->queue->qid),
658 (int) service_rc, (int) service_rs);
659 return -EINVAL;
660 }
661 if (service_rc == 8 && service_rs == 783) {
662 zq->zcard->min_mod_size =
663 PCIXCC_MIN_MOD_SIZE_OLD;
664 ZCRYPT_DBF(DBF_DEBUG,
665 "device=%02x.%04x rc/rs=%d/%d => rc=EAGAIN\n",
666 AP_QID_CARD(zq->queue->qid),
667 AP_QID_QUEUE(zq->queue->qid),
668 (int) service_rc, (int) service_rs);
669 return -EAGAIN;
670 }
671 zq->online = 0;
672 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
673 AP_QID_CARD(zq->queue->qid),
674 AP_QID_QUEUE(zq->queue->qid));
675 ZCRYPT_DBF(DBF_ERR,
676 "device=%02x.%04x rc/rs=%d/%d => online=0 rc=EAGAIN\n",
677 AP_QID_CARD(zq->queue->qid),
678 AP_QID_QUEUE(zq->queue->qid),
679 (int) service_rc, (int) service_rs);
680 return -EAGAIN; /* repeat the request on a different device. */
681 }
682 data = msg->text;
683 reply_len = msg->length - 2;
684 if (reply_len > outputdatalength)
685 return -EINVAL;
686 /*
687 * For all encipher requests, the length of the ciphertext (reply_len)
688 * will always equal the modulus length. For MEX decipher requests
689 * the output needs to get padded. Minimum pad size is 10.
690 *
691 * Currently, the cases where padding will be added is for:
692 * - PCIXCC_MCL2 using a CRT form token (since PKD didn't support
693 * ZERO-PAD and CRT is only supported for PKD requests)
694 * - PCICC, always
695 */
696 pad_len = outputdatalength - reply_len;
697 if (pad_len > 0) {
698 if (pad_len < 10)
699 return -EINVAL;
700 /* 'restore' padding left in the PCICC/PCIXCC card. */
701 if (copy_to_user(outputdata, static_pad, pad_len - 1))
702 return -EFAULT;
703 if (put_user(0, outputdata + pad_len - 1))
704 return -EFAULT;
705 }
706 /* Copy the crypto response to user space. */
707 if (copy_to_user(outputdata + pad_len, data, reply_len))
708 return -EFAULT;
709 return 0;
710 }
711
712 /**
713 * Copy results from a type 86 XCRB reply message back to user space.
714 *
715 * @zq: crypto device pointer
716 * @reply: reply AP message.
717 * @xcRB: pointer to XCRB
718 *
719 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
720 */
convert_type86_xcrb(struct zcrypt_queue * zq,struct ap_message * reply,struct ica_xcRB * xcRB)721 static int convert_type86_xcrb(struct zcrypt_queue *zq,
722 struct ap_message *reply,
723 struct ica_xcRB *xcRB)
724 {
725 struct type86_fmt2_msg *msg = reply->message;
726 char *data = reply->message;
727
728 /* Copy CPRB to user */
729 if (copy_to_user(xcRB->reply_control_blk_addr,
730 data + msg->fmt2.offset1, msg->fmt2.count1))
731 return -EFAULT;
732 xcRB->reply_control_blk_length = msg->fmt2.count1;
733
734 /* Copy data buffer to user */
735 if (msg->fmt2.count2)
736 if (copy_to_user(xcRB->reply_data_addr,
737 data + msg->fmt2.offset2, msg->fmt2.count2))
738 return -EFAULT;
739 xcRB->reply_data_length = msg->fmt2.count2;
740 return 0;
741 }
742
743 /**
744 * Copy results from a type 86 EP11 XCRB reply message back to user space.
745 *
746 * @zq: crypto device pointer
747 * @reply: reply AP message.
748 * @xcRB: pointer to EP11 user request block
749 *
750 * Returns 0 on success or -EINVAL, -EFAULT, -EAGAIN in case of an error.
751 */
convert_type86_ep11_xcrb(struct zcrypt_queue * zq,struct ap_message * reply,struct ep11_urb * xcRB)752 static int convert_type86_ep11_xcrb(struct zcrypt_queue *zq,
753 struct ap_message *reply,
754 struct ep11_urb *xcRB)
755 {
756 struct type86_fmt2_msg *msg = reply->message;
757 char *data = reply->message;
758
759 if (xcRB->resp_len < msg->fmt2.count1)
760 return -EINVAL;
761
762 /* Copy response CPRB to user */
763 if (copy_to_user((char __force __user *)xcRB->resp,
764 data + msg->fmt2.offset1, msg->fmt2.count1))
765 return -EFAULT;
766 xcRB->resp_len = msg->fmt2.count1;
767 return 0;
768 }
769
convert_type86_rng(struct zcrypt_queue * zq,struct ap_message * reply,char * buffer)770 static int convert_type86_rng(struct zcrypt_queue *zq,
771 struct ap_message *reply,
772 char *buffer)
773 {
774 struct {
775 struct type86_hdr hdr;
776 struct type86_fmt2_ext fmt2;
777 struct CPRBX cprbx;
778 } __packed * msg = reply->message;
779 char *data = reply->message;
780
781 if (msg->cprbx.ccp_rtcode != 0 || msg->cprbx.ccp_rscode != 0)
782 return -EINVAL;
783 memcpy(buffer, data + msg->fmt2.offset2, msg->fmt2.count2);
784 return msg->fmt2.count2;
785 }
786
convert_response_ica(struct zcrypt_queue * zq,struct ap_message * reply,char __user * outputdata,unsigned int outputdatalength)787 static int convert_response_ica(struct zcrypt_queue *zq,
788 struct ap_message *reply,
789 char __user *outputdata,
790 unsigned int outputdatalength)
791 {
792 struct type86x_reply *msg = reply->message;
793
794 switch (msg->hdr.type) {
795 case TYPE82_RSP_CODE:
796 case TYPE88_RSP_CODE:
797 return convert_error(zq, reply);
798 case TYPE86_RSP_CODE:
799 if (msg->cprbx.ccp_rtcode &&
800 (msg->cprbx.ccp_rscode == 0x14f) &&
801 (outputdatalength > 256)) {
802 if (zq->zcard->max_exp_bit_length <= 17) {
803 zq->zcard->max_exp_bit_length = 17;
804 return -EAGAIN;
805 } else
806 return -EINVAL;
807 }
808 if (msg->hdr.reply_code)
809 return convert_error(zq, reply);
810 if (msg->cprbx.cprb_ver_id == 0x02)
811 return convert_type86_ica(zq, reply,
812 outputdata, outputdatalength);
813 /*
814 * Fall through, no break, incorrect cprb version is an unknown
815 * response
816 */
817 default: /* Unknown response type, this should NEVER EVER happen */
818 zq->online = 0;
819 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
820 AP_QID_CARD(zq->queue->qid),
821 AP_QID_QUEUE(zq->queue->qid));
822 ZCRYPT_DBF(DBF_ERR,
823 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
824 AP_QID_CARD(zq->queue->qid),
825 AP_QID_QUEUE(zq->queue->qid),
826 (int) msg->hdr.type);
827 return -EAGAIN; /* repeat the request on a different device. */
828 }
829 }
830
convert_response_xcrb(struct zcrypt_queue * zq,struct ap_message * reply,struct ica_xcRB * xcRB)831 static int convert_response_xcrb(struct zcrypt_queue *zq,
832 struct ap_message *reply,
833 struct ica_xcRB *xcRB)
834 {
835 struct type86x_reply *msg = reply->message;
836
837 switch (msg->hdr.type) {
838 case TYPE82_RSP_CODE:
839 case TYPE88_RSP_CODE:
840 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
841 return convert_error(zq, reply);
842 case TYPE86_RSP_CODE:
843 if (msg->hdr.reply_code) {
844 memcpy(&(xcRB->status), msg->fmt2.apfs, sizeof(u32));
845 return convert_error(zq, reply);
846 }
847 if (msg->cprbx.cprb_ver_id == 0x02)
848 return convert_type86_xcrb(zq, reply, xcRB);
849 /*
850 * Fall through, no break, incorrect cprb version is an unknown
851 * response
852 */
853 default: /* Unknown response type, this should NEVER EVER happen */
854 xcRB->status = 0x0008044DL; /* HDD_InvalidParm */
855 zq->online = 0;
856 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
857 AP_QID_CARD(zq->queue->qid),
858 AP_QID_QUEUE(zq->queue->qid));
859 ZCRYPT_DBF(DBF_ERR,
860 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
861 AP_QID_CARD(zq->queue->qid),
862 AP_QID_QUEUE(zq->queue->qid),
863 (int) msg->hdr.type);
864 return -EAGAIN; /* repeat the request on a different device. */
865 }
866 }
867
convert_response_ep11_xcrb(struct zcrypt_queue * zq,struct ap_message * reply,struct ep11_urb * xcRB)868 static int convert_response_ep11_xcrb(struct zcrypt_queue *zq,
869 struct ap_message *reply, struct ep11_urb *xcRB)
870 {
871 struct type86_ep11_reply *msg = reply->message;
872
873 switch (msg->hdr.type) {
874 case TYPE82_RSP_CODE:
875 case TYPE87_RSP_CODE:
876 return convert_error(zq, reply);
877 case TYPE86_RSP_CODE:
878 if (msg->hdr.reply_code)
879 return convert_error(zq, reply);
880 if (msg->cprbx.cprb_ver_id == 0x04)
881 return convert_type86_ep11_xcrb(zq, reply, xcRB);
882 /* Fall through, no break, incorrect cprb version is an unknown resp.*/
883 default: /* Unknown response type, this should NEVER EVER happen */
884 zq->online = 0;
885 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
886 AP_QID_CARD(zq->queue->qid),
887 AP_QID_QUEUE(zq->queue->qid));
888 ZCRYPT_DBF(DBF_ERR,
889 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
890 AP_QID_CARD(zq->queue->qid),
891 AP_QID_QUEUE(zq->queue->qid),
892 (int) msg->hdr.type);
893 return -EAGAIN; /* repeat the request on a different device. */
894 }
895 }
896
convert_response_rng(struct zcrypt_queue * zq,struct ap_message * reply,char * data)897 static int convert_response_rng(struct zcrypt_queue *zq,
898 struct ap_message *reply,
899 char *data)
900 {
901 struct type86x_reply *msg = reply->message;
902
903 switch (msg->hdr.type) {
904 case TYPE82_RSP_CODE:
905 case TYPE88_RSP_CODE:
906 return -EINVAL;
907 case TYPE86_RSP_CODE:
908 if (msg->hdr.reply_code)
909 return -EINVAL;
910 if (msg->cprbx.cprb_ver_id == 0x02)
911 return convert_type86_rng(zq, reply, data);
912 /*
913 * Fall through, no break, incorrect cprb version is an unknown
914 * response
915 */
916 default: /* Unknown response type, this should NEVER EVER happen */
917 zq->online = 0;
918 pr_err("Cryptographic device %02x.%04x failed and was set offline\n",
919 AP_QID_CARD(zq->queue->qid),
920 AP_QID_QUEUE(zq->queue->qid));
921 ZCRYPT_DBF(DBF_ERR,
922 "device=%02x.%04x rtype=0x%02x => online=0 rc=EAGAIN\n",
923 AP_QID_CARD(zq->queue->qid),
924 AP_QID_QUEUE(zq->queue->qid),
925 (int) msg->hdr.type);
926 return -EAGAIN; /* repeat the request on a different device. */
927 }
928 }
929
930 /**
931 * This function is called from the AP bus code after a crypto request
932 * "msg" has finished with the reply message "reply".
933 * It is called from tasklet context.
934 * @aq: pointer to the AP queue
935 * @msg: pointer to the AP message
936 * @reply: pointer to the AP reply message
937 */
zcrypt_msgtype6_receive(struct ap_queue * aq,struct ap_message * msg,struct ap_message * reply)938 static void zcrypt_msgtype6_receive(struct ap_queue *aq,
939 struct ap_message *msg,
940 struct ap_message *reply)
941 {
942 static struct error_hdr error_reply = {
943 .type = TYPE82_RSP_CODE,
944 .reply_code = REP82_ERROR_MACHINE_FAILURE,
945 };
946 struct response_type *resp_type =
947 (struct response_type *) msg->private;
948 struct type86x_reply *t86r;
949 int length;
950
951 /* Copy the reply message to the request message buffer. */
952 if (!reply)
953 goto out; /* ap_msg->rc indicates the error */
954 t86r = reply->message;
955 if (t86r->hdr.type == TYPE86_RSP_CODE &&
956 t86r->cprbx.cprb_ver_id == 0x02) {
957 switch (resp_type->type) {
958 case PCIXCC_RESPONSE_TYPE_ICA:
959 length = sizeof(struct type86x_reply)
960 + t86r->length - 2;
961 length = min(PCIXCC_MAX_ICA_RESPONSE_SIZE, length);
962 memcpy(msg->message, reply->message, length);
963 break;
964 case PCIXCC_RESPONSE_TYPE_XCRB:
965 length = t86r->fmt2.offset2 + t86r->fmt2.count2;
966 length = min(MSGTYPE06_MAX_MSG_SIZE, length);
967 memcpy(msg->message, reply->message, length);
968 break;
969 default:
970 memcpy(msg->message, &error_reply,
971 sizeof(error_reply));
972 }
973 } else
974 memcpy(msg->message, reply->message, sizeof(error_reply));
975 out:
976 complete(&(resp_type->work));
977 }
978
979 /**
980 * This function is called from the AP bus code after a crypto request
981 * "msg" has finished with the reply message "reply".
982 * It is called from tasklet context.
983 * @aq: pointer to the AP queue
984 * @msg: pointer to the AP message
985 * @reply: pointer to the AP reply message
986 */
zcrypt_msgtype6_receive_ep11(struct ap_queue * aq,struct ap_message * msg,struct ap_message * reply)987 static void zcrypt_msgtype6_receive_ep11(struct ap_queue *aq,
988 struct ap_message *msg,
989 struct ap_message *reply)
990 {
991 static struct error_hdr error_reply = {
992 .type = TYPE82_RSP_CODE,
993 .reply_code = REP82_ERROR_MACHINE_FAILURE,
994 };
995 struct response_type *resp_type =
996 (struct response_type *)msg->private;
997 struct type86_ep11_reply *t86r;
998 int length;
999
1000 /* Copy the reply message to the request message buffer. */
1001 if (!reply)
1002 goto out; /* ap_msg->rc indicates the error */
1003 t86r = reply->message;
1004 if (t86r->hdr.type == TYPE86_RSP_CODE &&
1005 t86r->cprbx.cprb_ver_id == 0x04) {
1006 switch (resp_type->type) {
1007 case PCIXCC_RESPONSE_TYPE_EP11:
1008 length = t86r->fmt2.offset1 + t86r->fmt2.count1;
1009 length = min(MSGTYPE06_MAX_MSG_SIZE, length);
1010 memcpy(msg->message, reply->message, length);
1011 break;
1012 default:
1013 memcpy(msg->message, &error_reply, sizeof(error_reply));
1014 }
1015 } else {
1016 memcpy(msg->message, reply->message, sizeof(error_reply));
1017 }
1018 out:
1019 complete(&(resp_type->work));
1020 }
1021
1022 static atomic_t zcrypt_step = ATOMIC_INIT(0);
1023
1024 /**
1025 * The request distributor calls this function if it picked the PCIXCC/CEX2C
1026 * device to handle a modexpo request.
1027 * @zq: pointer to zcrypt_queue structure that identifies the
1028 * PCIXCC/CEX2C device to the request distributor
1029 * @mex: pointer to the modexpo request buffer
1030 */
zcrypt_msgtype6_modexpo(struct zcrypt_queue * zq,struct ica_rsa_modexpo * mex)1031 static long zcrypt_msgtype6_modexpo(struct zcrypt_queue *zq,
1032 struct ica_rsa_modexpo *mex)
1033 {
1034 struct ap_message ap_msg;
1035 struct response_type resp_type = {
1036 .type = PCIXCC_RESPONSE_TYPE_ICA,
1037 };
1038 int rc;
1039
1040 ap_init_message(&ap_msg);
1041 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1042 if (!ap_msg.message)
1043 return -ENOMEM;
1044 ap_msg.receive = zcrypt_msgtype6_receive;
1045 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1046 atomic_inc_return(&zcrypt_step);
1047 ap_msg.private = &resp_type;
1048 rc = ICAMEX_msg_to_type6MEX_msgX(zq, &ap_msg, mex);
1049 if (rc)
1050 goto out_free;
1051 init_completion(&resp_type.work);
1052 ap_queue_message(zq->queue, &ap_msg);
1053 rc = wait_for_completion_interruptible(&resp_type.work);
1054 if (rc == 0) {
1055 rc = ap_msg.rc;
1056 if (rc == 0)
1057 rc = convert_response_ica(zq, &ap_msg,
1058 mex->outputdata,
1059 mex->outputdatalength);
1060 } else
1061 /* Signal pending. */
1062 ap_cancel_message(zq->queue, &ap_msg);
1063 out_free:
1064 free_page((unsigned long) ap_msg.message);
1065 return rc;
1066 }
1067
1068 /**
1069 * The request distributor calls this function if it picked the PCIXCC/CEX2C
1070 * device to handle a modexpo_crt request.
1071 * @zq: pointer to zcrypt_queue structure that identifies the
1072 * PCIXCC/CEX2C device to the request distributor
1073 * @crt: pointer to the modexpoc_crt request buffer
1074 */
zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue * zq,struct ica_rsa_modexpo_crt * crt)1075 static long zcrypt_msgtype6_modexpo_crt(struct zcrypt_queue *zq,
1076 struct ica_rsa_modexpo_crt *crt)
1077 {
1078 struct ap_message ap_msg;
1079 struct response_type resp_type = {
1080 .type = PCIXCC_RESPONSE_TYPE_ICA,
1081 };
1082 int rc;
1083
1084 ap_init_message(&ap_msg);
1085 ap_msg.message = (void *) get_zeroed_page(GFP_KERNEL);
1086 if (!ap_msg.message)
1087 return -ENOMEM;
1088 ap_msg.receive = zcrypt_msgtype6_receive;
1089 ap_msg.psmid = (((unsigned long long) current->pid) << 32) +
1090 atomic_inc_return(&zcrypt_step);
1091 ap_msg.private = &resp_type;
1092 rc = ICACRT_msg_to_type6CRT_msgX(zq, &ap_msg, crt);
1093 if (rc)
1094 goto out_free;
1095 init_completion(&resp_type.work);
1096 ap_queue_message(zq->queue, &ap_msg);
1097 rc = wait_for_completion_interruptible(&resp_type.work);
1098 if (rc == 0) {
1099 rc = ap_msg.rc;
1100 if (rc == 0)
1101 rc = convert_response_ica(zq, &ap_msg,
1102 crt->outputdata,
1103 crt->outputdatalength);
1104 } else {
1105 /* Signal pending. */
1106 ap_cancel_message(zq->queue, &ap_msg);
1107 }
1108 out_free:
1109 free_page((unsigned long) ap_msg.message);
1110 return rc;
1111 }
1112
1113 /**
1114 * Fetch function code from cprb.
1115 * Extracting the fc requires to copy the cprb from userspace.
1116 * So this function allocates memory and needs an ap_msg prepared
1117 * by the caller with ap_init_message(). Also the caller has to
1118 * make sure ap_release_message() is always called even on failure.
1119 */
get_cprb_fc(struct ica_xcRB * xcRB,struct ap_message * ap_msg,unsigned int * func_code,unsigned short ** dom)1120 unsigned int get_cprb_fc(struct ica_xcRB *xcRB,
1121 struct ap_message *ap_msg,
1122 unsigned int *func_code, unsigned short **dom)
1123 {
1124 struct response_type resp_type = {
1125 .type = PCIXCC_RESPONSE_TYPE_XCRB,
1126 };
1127
1128 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1129 if (!ap_msg->message)
1130 return -ENOMEM;
1131 ap_msg->receive = zcrypt_msgtype6_receive;
1132 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1133 atomic_inc_return(&zcrypt_step);
1134 ap_msg->private = kmalloc(sizeof(resp_type), GFP_KERNEL);
1135 if (!ap_msg->private)
1136 return -ENOMEM;
1137 memcpy(ap_msg->private, &resp_type, sizeof(resp_type));
1138 return XCRB_msg_to_type6CPRB_msgX(ap_msg, xcRB, func_code, dom);
1139 }
1140
1141 /**
1142 * The request distributor calls this function if it picked the PCIXCC/CEX2C
1143 * device to handle a send_cprb request.
1144 * @zq: pointer to zcrypt_queue structure that identifies the
1145 * PCIXCC/CEX2C device to the request distributor
1146 * @xcRB: pointer to the send_cprb request buffer
1147 */
zcrypt_msgtype6_send_cprb(struct zcrypt_queue * zq,struct ica_xcRB * xcRB,struct ap_message * ap_msg)1148 static long zcrypt_msgtype6_send_cprb(struct zcrypt_queue *zq,
1149 struct ica_xcRB *xcRB,
1150 struct ap_message *ap_msg)
1151 {
1152 int rc;
1153 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1154
1155 init_completion(&rtype->work);
1156 ap_queue_message(zq->queue, ap_msg);
1157 rc = wait_for_completion_interruptible(&rtype->work);
1158 if (rc == 0) {
1159 rc = ap_msg->rc;
1160 if (rc == 0)
1161 rc = convert_response_xcrb(zq, ap_msg, xcRB);
1162 } else
1163 /* Signal pending. */
1164 ap_cancel_message(zq->queue, ap_msg);
1165
1166 return rc;
1167 }
1168
1169 /**
1170 * Fetch function code from ep11 cprb.
1171 * Extracting the fc requires to copy the ep11 cprb from userspace.
1172 * So this function allocates memory and needs an ap_msg prepared
1173 * by the caller with ap_init_message(). Also the caller has to
1174 * make sure ap_release_message() is always called even on failure.
1175 */
get_ep11cprb_fc(struct ep11_urb * xcrb,struct ap_message * ap_msg,unsigned int * func_code)1176 unsigned int get_ep11cprb_fc(struct ep11_urb *xcrb,
1177 struct ap_message *ap_msg,
1178 unsigned int *func_code)
1179 {
1180 struct response_type resp_type = {
1181 .type = PCIXCC_RESPONSE_TYPE_EP11,
1182 };
1183
1184 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1185 if (!ap_msg->message)
1186 return -ENOMEM;
1187 ap_msg->receive = zcrypt_msgtype6_receive_ep11;
1188 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1189 atomic_inc_return(&zcrypt_step);
1190 ap_msg->private = kmalloc(sizeof(resp_type), GFP_KERNEL);
1191 if (!ap_msg->private)
1192 return -ENOMEM;
1193 memcpy(ap_msg->private, &resp_type, sizeof(resp_type));
1194 return xcrb_msg_to_type6_ep11cprb_msgx(ap_msg, xcrb, func_code);
1195 }
1196
1197 /**
1198 * The request distributor calls this function if it picked the CEX4P
1199 * device to handle a send_ep11_cprb request.
1200 * @zq: pointer to zcrypt_queue structure that identifies the
1201 * CEX4P device to the request distributor
1202 * @xcRB: pointer to the ep11 user request block
1203 */
zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue * zq,struct ep11_urb * xcrb,struct ap_message * ap_msg)1204 static long zcrypt_msgtype6_send_ep11_cprb(struct zcrypt_queue *zq,
1205 struct ep11_urb *xcrb,
1206 struct ap_message *ap_msg)
1207 {
1208 int rc;
1209 unsigned int lfmt;
1210 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1211 struct {
1212 struct type6_hdr hdr;
1213 struct ep11_cprb cprbx;
1214 unsigned char pld_tag; /* fixed value 0x30 */
1215 unsigned char pld_lenfmt; /* payload length format */
1216 } __packed * msg = ap_msg->message;
1217 struct pld_hdr {
1218 unsigned char func_tag; /* fixed value 0x4 */
1219 unsigned char func_len; /* fixed value 0x4 */
1220 unsigned int func_val; /* function ID */
1221 unsigned char dom_tag; /* fixed value 0x4 */
1222 unsigned char dom_len; /* fixed value 0x4 */
1223 unsigned int dom_val; /* domain id */
1224 } __packed * payload_hdr = NULL;
1225
1226
1227 /**
1228 * The target domain field within the cprb body/payload block will be
1229 * replaced by the usage domain for non-management commands only.
1230 * Therefore we check the first bit of the 'flags' parameter for
1231 * management command indication.
1232 * 0 - non management command
1233 * 1 - management command
1234 */
1235 if (!((msg->cprbx.flags & 0x80) == 0x80)) {
1236 msg->cprbx.target_id = (unsigned int)
1237 AP_QID_QUEUE(zq->queue->qid);
1238
1239 if ((msg->pld_lenfmt & 0x80) == 0x80) { /*ext.len.fmt 2 or 3*/
1240 switch (msg->pld_lenfmt & 0x03) {
1241 case 1:
1242 lfmt = 2;
1243 break;
1244 case 2:
1245 lfmt = 3;
1246 break;
1247 default:
1248 return -EINVAL;
1249 }
1250 } else {
1251 lfmt = 1; /* length format #1 */
1252 }
1253 payload_hdr = (struct pld_hdr *)((&(msg->pld_lenfmt))+lfmt);
1254 payload_hdr->dom_val = (unsigned int)
1255 AP_QID_QUEUE(zq->queue->qid);
1256 }
1257
1258 init_completion(&rtype->work);
1259 ap_queue_message(zq->queue, ap_msg);
1260 rc = wait_for_completion_interruptible(&rtype->work);
1261 if (rc == 0) {
1262 rc = ap_msg->rc;
1263 if (rc == 0)
1264 rc = convert_response_ep11_xcrb(zq, ap_msg, xcrb);
1265 } else
1266 /* Signal pending. */
1267 ap_cancel_message(zq->queue, ap_msg);
1268
1269 return rc;
1270 }
1271
get_rng_fc(struct ap_message * ap_msg,int * func_code,unsigned int * domain)1272 unsigned int get_rng_fc(struct ap_message *ap_msg, int *func_code,
1273 unsigned int *domain)
1274 {
1275 struct response_type resp_type = {
1276 .type = PCIXCC_RESPONSE_TYPE_XCRB,
1277 };
1278
1279 ap_msg->message = kmalloc(MSGTYPE06_MAX_MSG_SIZE, GFP_KERNEL);
1280 if (!ap_msg->message)
1281 return -ENOMEM;
1282 ap_msg->receive = zcrypt_msgtype6_receive;
1283 ap_msg->psmid = (((unsigned long long) current->pid) << 32) +
1284 atomic_inc_return(&zcrypt_step);
1285 ap_msg->private = kmalloc(sizeof(resp_type), GFP_KERNEL);
1286 if (!ap_msg->private)
1287 return -ENOMEM;
1288 memcpy(ap_msg->private, &resp_type, sizeof(resp_type));
1289
1290 rng_type6CPRB_msgX(ap_msg, ZCRYPT_RNG_BUFFER_SIZE, domain);
1291
1292 *func_code = HWRNG;
1293 return 0;
1294 }
1295
1296 /**
1297 * The request distributor calls this function if it picked the PCIXCC/CEX2C
1298 * device to generate random data.
1299 * @zq: pointer to zcrypt_queue structure that identifies the
1300 * PCIXCC/CEX2C device to the request distributor
1301 * @buffer: pointer to a memory page to return random data
1302 */
zcrypt_msgtype6_rng(struct zcrypt_queue * zq,char * buffer,struct ap_message * ap_msg)1303 static long zcrypt_msgtype6_rng(struct zcrypt_queue *zq,
1304 char *buffer, struct ap_message *ap_msg)
1305 {
1306 struct {
1307 struct type6_hdr hdr;
1308 struct CPRBX cprbx;
1309 char function_code[2];
1310 short int rule_length;
1311 char rule[8];
1312 short int verb_length;
1313 short int key_length;
1314 } __packed * msg = ap_msg->message;
1315 struct response_type *rtype = (struct response_type *)(ap_msg->private);
1316 int rc;
1317
1318 msg->cprbx.domain = AP_QID_QUEUE(zq->queue->qid);
1319
1320 init_completion(&rtype->work);
1321 ap_queue_message(zq->queue, ap_msg);
1322 rc = wait_for_completion_interruptible(&rtype->work);
1323 if (rc == 0) {
1324 rc = ap_msg->rc;
1325 if (rc == 0)
1326 rc = convert_response_rng(zq, ap_msg, buffer);
1327 } else
1328 /* Signal pending. */
1329 ap_cancel_message(zq->queue, ap_msg);
1330
1331 return rc;
1332 }
1333
1334 /**
1335 * The crypto operations for a PCIXCC/CEX2C card.
1336 */
1337 static struct zcrypt_ops zcrypt_msgtype6_norng_ops = {
1338 .owner = THIS_MODULE,
1339 .name = MSGTYPE06_NAME,
1340 .variant = MSGTYPE06_VARIANT_NORNG,
1341 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1342 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1343 .send_cprb = zcrypt_msgtype6_send_cprb,
1344 };
1345
1346 static struct zcrypt_ops zcrypt_msgtype6_ops = {
1347 .owner = THIS_MODULE,
1348 .name = MSGTYPE06_NAME,
1349 .variant = MSGTYPE06_VARIANT_DEFAULT,
1350 .rsa_modexpo = zcrypt_msgtype6_modexpo,
1351 .rsa_modexpo_crt = zcrypt_msgtype6_modexpo_crt,
1352 .send_cprb = zcrypt_msgtype6_send_cprb,
1353 .rng = zcrypt_msgtype6_rng,
1354 };
1355
1356 static struct zcrypt_ops zcrypt_msgtype6_ep11_ops = {
1357 .owner = THIS_MODULE,
1358 .name = MSGTYPE06_NAME,
1359 .variant = MSGTYPE06_VARIANT_EP11,
1360 .rsa_modexpo = NULL,
1361 .rsa_modexpo_crt = NULL,
1362 .send_ep11_cprb = zcrypt_msgtype6_send_ep11_cprb,
1363 };
1364
zcrypt_msgtype6_init(void)1365 void __init zcrypt_msgtype6_init(void)
1366 {
1367 zcrypt_msgtype_register(&zcrypt_msgtype6_norng_ops);
1368 zcrypt_msgtype_register(&zcrypt_msgtype6_ops);
1369 zcrypt_msgtype_register(&zcrypt_msgtype6_ep11_ops);
1370 }
1371
zcrypt_msgtype6_exit(void)1372 void __exit zcrypt_msgtype6_exit(void)
1373 {
1374 zcrypt_msgtype_unregister(&zcrypt_msgtype6_norng_ops);
1375 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ops);
1376 zcrypt_msgtype_unregister(&zcrypt_msgtype6_ep11_ops);
1377 }
1378